1. Field of the Invention
The present invention relates to a computer communications security control system for identifying authorized users who seek access to a host computer, for establishing and maintaining a communications link between a terminal of a computer network and a host computer with assurance being provided that the terminal is being operated by an authorized user of the host computer, and for preventing unauthorized access to the host computer even if an unauthorized user succeeds in duplicating an authenticating signal that has been used previously by an authorized user to gain or maintain access to the host computer. In a broader sense, the present invention relates to the field of electronic communication, and provides methods for identifying and checking the authority of users of remotely located electronic communications equipment such as remote terminals of a computer network, and for assuring that one or more users of remote terminals of a communications network such as linked terminals of a computer equipment network are duly authorized and/or properly identified so that improper use of the equipment is prevented.
2. Prior Art
The problem of controlling access by communicating data terminal equipment to a host computer, or to selected programs and/or data stored by a host computer, so that access can be established and maintained by duly authorized personnel only has become of increasing concern. Moreover, the problem of limiting computer equipment access to duly authorized users has two important objectives that must be taken into account in formulating a suitable solution. While one objective is to establish a system of barriers and obstacles that cannot be traversed or circumvented by unauthorized users, an equally important objective is to assure that such barriers and obstacles as are provided to safeguard against unauthorized access do not unduly hinder either the establishing or maintaining of appropriate access by duly authorized users.
As the number of communicating terminals including personal and business computers has proliferated to the point that communicating data terminal equipment is now readily available, there has been a corresponding increase in the number of persons who have sought to gain unauthorized access to computer equipment such as host computers. Persons who have attempted to gain unauthorized access to host computers have included (1) those who seek access for such illegal purposes as making use of the capabilities of such equipment or for gaining access to and/or manipulating confidential information and/or stored data, and (2) a substantial number of clever people who have taken up the challenge of breaking through computer security systems as something of a fashionable pastime or game wherein they pit their skills and mental acumen against such barriers and obstacles as have been set up by computer security specialists. As users of personal and business computers and other communicating data terminal equipment have become increasingly knowledgeable about such conventional security precautions as passwords and security oriented log-on sequences, the need has become even more paramount for improved methods and apparatus that will serve to properly limit host computer access to duly authorized users without unduly complicating efforts by authorized users to establish and maintain host computer access.
The approach that continues to be utilized most commonly in efforts to control access to such communicating computer equipment as host computers is to require that authorized users transmit a "password," i.e., a purportedly "secret" signal string that is known to the authorized user but not to others, and that is recognized by the host computer as constituting its authorization to permit a predetermined degree of access between the authorized user's terminal and the host computer's facilities and stored data. However, the approach of using one or more passwords as the principal barrier to block unauthorized access has been found to provide only a minimal degree of security inasmuch as authorized users sometimes share their "secret" passwords with colleagues, or the passwords are inadvertently disclosed, discovered, or "broken."
Another approach that has been taken to enhance security between communicating data terminal equipment and a host computer is to provide a "call-back" accessing sequence that must be executed in order for an authorized user to log onto a host computer. In accordance with this practice, the user first establishes communication with a host computer by calling a telephone number that connects with the host. Once the user has successfully completed a first phase of a prescribed log-on procedure, the host computer terminates the original communication link, and then re-establishes communication with the user by placing a separate telephone call to the user at a telephone number where the authorized user is thought to be accessible. The user who has been called by the host computer is then required to complete a second phase of the prescribed log-on procedure.
The call-back approach for logging onto a host computer is often cumbersome to execute, is subject to error that may delay or prevent an authorized user from successfully establishing a needed computer communications link, and requires that an authorized user be stationed at a predetermined location in order to receive the host computer's return call. The requirement of the call-back approach for the host to place a return call to a predetermined telephone number prevents an authorized user from establishing communication with a host computer from such communicating data terminal equipment as may be accessible to the authorized user at locations that are not served by the user's pre-assigned call-back telephone number; thus an authorized user must limit his communications with the host computer to occasions when his schedule brings him to one or a limited number of specific terminals and/or terminal locations. A further problem with the call-back approach is that it is not applicable for use with hard wired networks, or with switchboards, or with networks that include leased lines to which no telephone numbers are assigned. Still further, the security provided by the call-back approach can be defeated through the use of call-forwarding services that are now provided on many telephone exchanges in the United States.
Another proposal that has been made to enhance the security of terminal to host computer communications utilizes installations of hardware in the form of an "accessor" unit that is provided in association with a user's terminal, and a "controller" that is provided in association with a host computer. This proposal is presented in U.S. Pat. No. 4,475,175 issued Oct. 2, 1984, to James G. Smith, the disclosure of which is incorporated herein by reference for its illustration of a typical arrangement of commercially available electrical circuit components that can be utilized to monitor signals being transmitted along a communications link, to store signal string sequences, to transmit stored signal string sequences in response to query signals, to compare signal string sequences that have been transmitted along a communications link to check for propriety, and to take action such as terminating a communications link if a comparison of a received signal string sequence differs from what is deemed to comprise an authorized value.
While the proposal of the Smith patent provides for the use of a dialog between communications equipment at opposite ends of a communications link, with the character of the dialog being essentially transparent to (i.e., unobserved by) the users of the equipment, the proposal does not address the need to assure that the users of linked communications terminals are authorized persons. Rather, the proposal of the Smith patent continues to rely on the use of passwords and/or security oriented log-on sequences to identify users and verify their authority to use linked communications equipment. Rather than to free authorized users to access host computer equipment through the use of a large number of terminals, the Smith proposal is intended for "restricting the number of places from which access can be accomplished." Moreover, because the hardware utilized in implementing the Smith proposal remains in place in an entirely operable state once installed, there are no controlling or key elements that remain within the safeguarded custody of authorized users that must be present for a terminal of the Smith proposal to be utilized, whereby, in the absence of an authorized user, terminals of the Smith system can be used quite readily by operators who are not authorized users.
While still other proposals have been made for various types of highly technical and expensive methods and apparatus for authenticating the authority of a user of various types of remote communications equipment that is networked or otherwise "linked," the need remains for a versatile, reliable system that will limit communications equipment access to authorized personnel, and that will serve to identify and/or verify the authorization of such persons as seek to use the equipment. While voice print, fingerprint and retinal pattern recognition systems have been proposed to enhance computer security, such proposals are unduly complex and expensive, and are impractical to implement for widespread day to day use by authorized users who need a capability to readily establish communications links with host computers through such data terminal equipment as may be available to them regardless of their locations.